On Sat, 19 Dec 2015 15:58:29 +0000 Ben Hutchings <b...@decadent.org.uk> wrote:
> On Sat, 2015-12-19 at 20:33 +1100, Riley Baird wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Riley Baird
> >
> > * Package name    : libwaive
> >   Version         : 1.0.0+git20151218.a0e8c1
> >   Upstream Author : Dima Krasner <d...@dimakrasner.com>
> > * URL             : https://github.com/dimkr/libwaive
> > * License         : MIT
> >   Programming Lang: C
> >   Description     : Allow processes to waive their rights
> >
> > libwaive is a tiny library that provides waive(), a function that allows a
> > process to waive its right to perform certain actions (e.g. open a file).
> >
> > It is inspired by Theo de Raadt's tame() system call
> > (http://article.gmane.org/gmane.os.openbsd.tech/43085)
>
> libwaive takes a blacklisting approach, which is fundamentally
> insecure. For example, WAIVE_EXEC is supposed to prevent loading and
> executing new code, but it doesn't block the new execveat() system
> call. At any time, Linux may be extended with new variants of old
> system calls, and those new unknown system calls need to be blocked as
> well.

Ah, I see. The reason that I was packaging this is that it was used by the new
version of signify-openbsd, a package which I maintain. It is possible to build
this version of signify-openbsd without libwaive, but then the implementation
of pledge() simply does nothing.

What would you recommend that I do? I'm thinking that I should build
signify-openbsd without libwaive, because that way there are no false
expectations of security.

You can see the source to signify-openbsd here:
https://github.com/aperezdc/signify
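The point Ben raises above, that a denylist filter admits any syscall it has never heard of while an allowlist rejects it by default, can be shown concretely. The following is an added example written for this thread; it is not code from libwaive or signify-openbsd. It builds two classic-BPF seccomp programs for x86_64 (syscall numbers taken from asm/unistd_64.h) and evaluates them with a tiny interpreter for the three BPF opcodes they use, so the verdicts can be inspected without installing the filter into the running process. The `install_filter()` helper shows how the same program would be loaded with prctl(2); it is only run when the program is started with `--install`.

```c
// Added example: seccomp denylist vs allowlist, evaluated offline.
// Not part of libwaive; the syscall numbers are x86_64 values from
// asm/unistd_64.h. SECCOMP_RET_KILL is used rather than the newer
// SECCOMP_RET_KILL_PROCESS so the example builds against older headers.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

enum {
    NR_READ = 0, NR_WRITE = 1, NR_OPEN = 2, NR_EXECVE = 59,
    NR_EXIT_GROUP = 231, NR_OPENAT = 257, NR_EXECVEAT = 322,
};

#define MAX_INSNS 64
struct prog { struct sock_filter insns[MAX_INSNS]; int len; };

static void emit(struct prog *p, struct sock_filter f) {
    if (p->len < MAX_INSNS) p->insns[p->len++] = f;
}

// Common prologue: refuse anything that is not an x86_64 syscall, then
// load the syscall number into the accumulator.
static void emit_prologue(struct prog *p) {
    p->len = 0;
    emit(p, (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    emit(p, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0));
    emit(p, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    emit(p, (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
}

// Denylist in the style the thread criticises: kill execve, allow everything
// else. execveat (a newer variant) is not listed and therefore passes.
static void build_denylist(struct prog *p) {
    emit_prologue(p);
    emit(p, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_EXECVE, 0, 1));
    emit(p, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    emit(p, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
}

// Allowlist: only read, write and exit_group pass; any other number, including
// syscalls added to Linux after this filter was written, is killed.
static void build_allowlist(struct prog *p) {
    static const uint32_t allowed[] = { NR_READ, NR_WRITE, NR_EXIT_GROUP };
    emit_prologue(p);
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        emit(p, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allowed[i], 0, 1));
        emit(p, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    }
    emit(p, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
}

// Minimal interpreter for the opcodes above. Jump offsets are relative to the
// following instruction, as in the kernel's classic BPF. Unknown opcodes fail closed.
static uint32_t run_filter(const struct prog *p, const struct seccomp_data *d) {
    uint32_t acc = 0;
    for (int pc = 0; pc < p->len; pc++) {
        const struct sock_filter *f = &p->insns[pc];
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)d + f->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == f->k) ? f->jt : f->jf;
            break;
        case BPF_RET | BPF_K:
            return f->k;
        default:
            return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}

// Verdict for one syscall number under either policy (1 = allowlist, 0 = denylist).
uint32_t verdict(int use_allowlist, uint32_t nr) {
    struct prog p;
    struct seccomp_data d;
    memset(&d, 0, sizeof d);
    d.nr = (int)nr;
    d.arch = AUDIT_ARCH_X86_64;
    if (use_allowlist) build_allowlist(&p); else build_denylist(&p);
    return run_filter(&p, &d);
}

// Loads a program into the calling process. Requires no_new_privs first.
static int install_filter(const struct prog *p) {
    struct sock_fprog fprog = { .len = (unsigned short)p->len,
                                .filter = (struct sock_filter *)p->insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(int argc, char **argv) {
    const struct { const char *name; uint32_t nr; } calls[] = {
        { "read", NR_READ }, { "open", NR_OPEN }, { "openat", NR_OPENAT },
        { "execve", NR_EXECVE }, { "execveat", NR_EXECVEAT },
    };
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++)
        printf("%-9s denylist=%s allowlist=%s\n", calls[i].name,
               verdict(0, calls[i].nr) == SECCOMP_RET_ALLOW ? "allow" : "kill",
               verdict(1, calls[i].nr) == SECCOMP_RET_ALLOW ? "allow" : "kill");
    if (argc > 1 && strcmp(argv[1], "--install") == 0) {
        struct prog p;
        build_allowlist(&p);
        return install_filter(&p) == 0 ? 0 : 1;
    }
    return 0;
}
```

The table the program prints makes the asymmetry visible: under the denylist, execve is killed but execveat, open and openat all pass, because the policy had to enumerate what it forbids; under the allowlist, only the three named syscalls pass and every other number, present or future, is killed. That is the property a pledge()-style interface needs, and it is why a filter built on a fixed denylist gives the false expectation of security mentioned in the reply.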